CVE-2018-3856
published 2018-08-23CVE-2018-3856: An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device…
critical9.9CVSS 3.1
AVNACLPRLUINSCCHIHAH
An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| samsung | samsung | — | — |
| samsung | sth-eth-250_firmware | — | — |